Authors: Mary Lynn Garcia.
Paperback, 370 pages
Publisher: Butterworth-Heinemann
Publication Date: 2007-10-05
Edition: 2

Reviews :

    Design and Evaluation of Physical Security Systems, 2e, includes updated references to security expectations and changes since 9/11. The threat chapter includes references to new threat capabilities in Weapons of Mass Destruction, and a new figure on hate crime groups in the US. All the technology chapters have been reviewed and updated to include technology in use since 2001, when the first edition was published. Garcia has also added a new chapter that shows how the methodology described in the book is applied in transportation systems. College faculty who have adopted this text have suggested improvements and these have been incorporated as well. This second edition also includes some references to the author's recent book on Vulnerability Assessment, to link the two volumes at a high level.

* New chapter on transportation systems
* Extensively updated chapter on threat definition
* Major changes to response chapter...

Authors:
Paperback, 433 pages
Publisher: Syngress
Publication Date: 2008-05-27
Edition: 2

Reviews :

    The Updated Version of the Bestselling Nessus Book.

This is the ONLY Book to Read if You Run Nessus Across the Enterprise
Ever since its beginnings in early 1998, the Nessus Project has attracted security researchers from all walks of life. It continues this growth today. It has been adopted as a de facto standard by the security industry, vendor, and practitioner alike, many of whom rely on Nessus as the foundation to their security practices. Now, a team of leading developers have created the definitive book for the Nessus community.

* Perform a Vulnerability Assessment
Use Nessus to find programming errors that allow intruders to gain unauthorized access.

* Obtain and Install Nessus
Install from source or binary, set up up clients and user accounts, and update your plug-ins.

* Modify the Preferences Tab
Specify the options for Nmap and other complex, configurable components of Nessus.

* Understand Scanner Logic and Determine Actual Risk
Plan your scanning strategy and learn what variables can be changed.

* Prioritize Vulnerabilities
Prioritize and manage critical vulnerabilities, information leaks, and denial of service errors.

* Deal with False Positives
Learn the different types of false positives and the differences between intrusive and nonintrusive tests.

* Get Under the Hood of Nessus
Understand the architecture and design of Nessus and master the Nessus Attack Scripting Language (NASL).

* Scan the Entire Enterprise Network
Plan for enterprise deployment by gauging network bandwith and topology issues.

* Nessus is the premier Open Source vulnerability assessment tool, and has been voted the "most popular" Open Source security tool several times.

* The first edition is still the only book available on the product.

* Written by the world's premier Nessus developers and featuring a forword by the creator of Nessus, Renaud Deraison....

Authors: J.C. Cannon.
Paperback, 384 pages
Publisher: Addison-Wesley Professional
Publication Date: 2004-10-01


Reviews :

    When you are on a Web site you don't know well, and you are asked tocomplete an online form, if you are like most people you immediately weigh inyour mind issues of how private the information you provide will be kept.Studies have shown that 64% of consumers have left a Web site because ofconcerns about privacy, and that online retailers lose $6.2 billion a year in salesbecause of privacy issues. Lack of privacy conditions in building an applicationor a web site is a liability; conversely, a web site where the consumer feels thattheir privacy will be guarded is a competitive advantage. In our securityconsciousworld privacy is a topic of concern right up there with identity theftand spam. Yet until now there has not been one source of information fordevelopers on how to develop applications and web sites that will take intoconsideration privacy concerns. JC Cannon draws upon the experience he haslearned from his role in the corporate privacy group at Microsoft to givedevelopers a complete guide to including privacy in their development process.It covers topics such as spam, digital rights management, the Platform forPrivacy Preferences (P3P) project, and protecting database data....

Authors: Richard Bejtlich.
Paperback, 832 pages
Publisher: Addison-Wesley Professional
Publication Date: 2004-07-22
Edition: 1

Reviews :

    "The book you are about to read will arm you with the knowledge you need to defend your network from attackers--both the obvious and the not so obvious...If you are new to network security, don't put this book back on the shelf! This is a great book for beginners and I wish I had access to it many years ago. If you've learned the basics of TCP/IP protocols and run an open source or commercial IDS, you may be asking 'What's next?' If so, this book is for you." --Ron Gula, founder and CTO, Tenable Network Security, from the Foreword "Richard Bejtlich has a good perspective on Internet security--one that is orderly and practical at the same time. He keeps readers grounded and addresses the fundamentals in an accessible way." --Marcus Ranum, TruSecure "This book is not about security or network monitoring: It's about both, and in reality these are two aspects of the same problem. You can easily find people who are security experts or network monitors, but this book explains how to master both topics." --Luca Deri, ntop.org "This book will enable security professionals of all skill sets to improve their understanding of what it takes to set up, maintain, and utilize a successful network intrusion detection strategy. " --Kirby Kuehl, Cisco Systems Every network can be compromised. There are too many systems, offering too many services, running too many flawed applications. No amount of careful coding, patch management, or access control can keep out every attacker. If prevention eventually fails, how do you prepare for the intrusions that will eventually happen? Network security monitoring (NSM) equips security staff to deal with the inevitable consequences of too few resources and too many responsibilities. NSM collects the data needed to generate better assessment, detection, and response processes--resulting in decreased impact from unauthorized activities. In The Tao of Network Security Monitoring, Richard Bejtlich explores the products, people, and processes that implement the NSM model. By focusing on case studies and the application of open source tools, he helps you gain hands-on knowledge of how to better defend networks and how to mitigate damage from security incidents. Inside, you will find in-depth information on the following areas. *The NSM operational framework and deployment considerations.* How to use a variety of open-source tools--including Sguil, Argus, and Ethereal--to mine network traffic for full content, session, statistical, and alert data. *Best practices for conducting emergency NSM in an incident response scenario, evaluating monitoring vendors, and deploying an NSM architecture. *Developing and applying knowledge of weapons, tactics, telecommunications, system administration, scripting, and programming for NSM. *The best tools for generating arbitrary packets, exploiting flaws, manipulating traffic, and conducting reconnaissance. Whether you are new to network intrusion detection and incident response, or a computer-security veteran, this book will enable you to quickly develop and apply the skills needed to detect, prevent, and respond to new and emerging threats....

Authors: David Hook.
Paperback, 480 pages
Publisher: Wrox
Publication Date: 2005-08-19


Reviews :

    Beginning Cryptography with Java

While cryptography can still be a controversial topic in the programming community, Java has weathered that storm and provides a rich set of APIs that allow you, the developer, to effectively include cryptography in applications-if you know how.

This book teaches you how. Chapters one through five cover the architecture of the JCE and JCA, symmetric and asymmetric key encryption in Java, message authentication codes, and how to create Java implementations with the API provided by the Bouncy Castle ASN.1 packages, all with plenty of examples. Building on that foundation, the second half of the book takes you into higher-level topics, enabling you to create and implement secure Java applications and make use of standard protocols such as CMS, SSL, and S/MIME.

What you will learn from this book

• How to understand and use JCE, JCA, and the JSSE for encryption and authentication
• The ways in which padding mechanisms work in ciphers and how to spot and fix typical errors
• An understanding of how authentication mechanisms are implemented in Java and why they are used
• Methods for describing cryptographic objects with ASN.1
• How to create certificate revocation lists and use the Online Certificate Status Protocol (OCSP)
• Real-world Web solutions using Bouncy Castle APIs

Who this book is for

This book is for Java developers who want to use cryptography in their applications or to understand how cryptography is being used in Java applications. Knowledge of the Java language is necessary, but you need not be familiar with any of the APIs discussed.

Wrox Beginning guides are crafted to make learning programming languages and technologies easier than you think, providing a structured, tutorial format that will guide you through all the techniques involved....

Authors: Chris Pogue. Cory Altheide. Todd Haverkos.
Paperback, 448 pages
Publisher: Syngress
Publication Date: 2008-06-23
Edition: Pap/DVD

Reviews :

    This book addresses topics in the area of forensic analysis of systems running on variants of the UNIX operating system, which is the choice of hackers for their attack platforms. According to a 2007 IDC report, UNIX servers account for the second-largest segment of spending (behind Windows) in the worldwide server market with $4.2 billion in 2Q07, representing 31.7% of corporate server spending. UNIX systems have not been analyzed to any significant depth largely due to a lack of understanding on the part of the investigator, an understanding and knowledge base that has been achieved by the attacker. The companion DVD provides a simulated or "live" UNIX environment where readers can test the skills they've learned in the book and use custom tools developed by the authors.

The book begins with a chapter to describe why and how the book was written, and for whom, and then immediately begins addressing the issues of live response (volatile) data collection and analysis. The book continues by addressing issues of collecting and analyzing the contents of physical memory (i.e., RAM). The following chapters address /proc analysis, revealing the wealth of significant evidence, and analysis of files created by or on UNIX systems. Then the book addresses the underground world of UNIX hacking and reveals methods and techniques used by hackers, malware coders, and anti-forensic developers. The book then illustrates to the investigator how to analyze these files and extract the information they need to perform a comprehensive forensic analysis. The final chapter includes a detailed discussion of Loadable Kernel Modules and Malware. The companion DVD provides a simulated or "live" UNIX environment where readers can test the skills they've learned in the book and use custom tools developed by the authors.

Throughout the book the author provides a wealth of unique information, providing tools, techniques and information that won't be found anywhere else. Not only are the tools provided, but the author also provides sample files so that after completing a detailed walk-through, the reader can immediately practice the new-found skills.

* The companion DVD for the book contains significant, unique materials (movies, spreadsheet, code, etc.) not available any place else.
* This book contains information about UNIX forensic analysis that is not available anywhere else. Much of the information is a result of the author?s own unique research and work.
* The authors have the combined experience of Law Enforcement, Military, and Corporate forensics. This unique perspective makes this book attractive to ALL forensic investigators....

Authors: Dave Hucaby.
Paperback, 112 pages
Publisher: Cisco Press
Publication Date: 2008-05-23
Edition: 1 Pap/DVD

Reviews :

   

“ The Cisco Firewall Video Mentor is an outstanding aide in learning to configure and understand the Cisco Adaptive Security Appliance. Whether you are a newcomer to the ASA or operationally experienced, these videos clearly explain and demonstrate how to configure and manage the ASA from the commandline and from the ASDM GUI.”

—Mark Macumber, Systems Engineer, Cisco

 

Cisco Firewall Video Mentor is a unique video product that provides you with more than five hours of personal visual instruction from best-selling author and lead network engineer David Hucaby. In the 16 videos presented on the DVD, David walks you through common Cisco® firewall configuration and troubleshooting tasks. Designed to develop and enhance hands-on skills, each 10–30 minute video guides you through essential configuration tasks on the Cisco ASA and FWSM platforms and shows you how to verify that firewalls are working correctly.

 

Lab Layout:

Each video lab presents objectives, dynamic lab topology diagrams, command syntax overviews, and video captures of command-line input and GUI configuration. All of this is coupled with thorough audio instruction by an industry expert making learning easy and engaging.

 

Network Animation:

Animated network diagrams show you lab setup, device addressing, and how traffic flows through the network.

Command-Line Interface (CLI) Video:

 

Video screencasts of ASA and FWSM CLI and the ASDM GUI demonstrate command entry, configuration techniques, and device response.

 

 

This video product is part of the Cisco Press® Video Mentor Series. The video products in this series present expert training from industry-leading instructors and technologists. This dynamic learning environment combines animations, screencasts, and audio instruction to help users bridge the gap between conceptual knowledge and hands on application.

 

 

System Requirements:

• Microsoft Windows XP, 2000, or Vista
• Apple OS 9 or later
• Linux operating systems that have a web browser with Flash 7 or later plug-in
• Speakers or headphones
• Color display with a minimum 1024x768 resolution
• 1 GHz or faster CPU recommended
• DVD drive

...

Authors: Mike Andrews. James A. Whittaker.
Paperback, 240 pages
Publisher: Addison-Wesley Professional
Publication Date: 2006-02-12


Reviews :

    Since its early days as an information exchange tool limited to academe, researchers, and the military, the web has grown into a commerce engine that is now omnipresent in all facets of our lifes. More websites are created daily and more applications are developed to allow users to learn, research, and purchase online. As a result, web development is often rushed, which increases the risk of attacks from hackers. Furthermore, the need for secure applications has to be balanced with the need for usability, performance, and reliability. In this book, Whittaker and Andrews demonstrate how rigorous web testing can help prevent and prepare for such attacks. They point out that methodical testing must include identifying threats and attack vectors to establish and then implement the appropriate testing techniques, manual or automated....

Authors: Joel Scambray. Mike Shema. Caleb Sima.
Paperback, 520 pages
Publisher: McGraw-Hill Osborne Media
Publication Date: 2006-06-05
Edition: 2

Reviews :

   

Implement bulletproof e-business security the proven Hacking Exposed way

Defend against the latest Web-based attacks by looking at your Web applications through the eyes of a malicious intruder. Fully revised and updated to cover the latest Web exploitation techniques, Hacking Exposed Web Applications, Second Edition shows you, step-by-step, how cyber-criminals target vulnerable sites, gain access, steal critical data, and execute devastating attacks. All of the cutting-edge threats and vulnerabilities are covered in full detail alongside real-world examples, case studies, and battle-tested countermeasures from the authors' experiences as gray hat security professionals.

...

Authors: Schuyler Erle. Rich Gibson. Jo Walsh.
Paperback, 564 pages
Publisher: O'Reilly Media, Inc.
Publication Date: 2005-06-09


Reviews :

    Since the dawn of creation, man has designed maps to help identify the space that we occupy. From Lewis and Clark's pencil-sketched maps of mountain trails to Jacques Cousteau's sophisticated charts of the ocean floor, creating maps of the utmost precision has been a constant pursuit. So why should things change now?

Well, they shouldn't. The reality is that map creation, or "cartography," has only improved in its ease-of-use over time. In fact, with the recent explosion of inexpensive computing and the growing availability of public mapping data, mapmaking today extends all the way to the ordinary PC user.

"Mapping Hacks," the latest page-turner from O'Reilly Press, tackles this notion head on. It's a collection of one hundred simple--and mostly free--techniques available to developers and power users who want draw digital maps or otherwise visualize geographic data. Authors Schuyler Erle, Rich Gibson, and Jo Walsh do more than just illuminate the basic concepts of location and cartography, they walk you through the process one step at a time.

"Mapping Hacks" shows you where to find the best sources of geographic data, and then how to integrate that data into your own map. But that's just an appetizer. This comprehensive resource also shows you how to interpret and manipulate unwieldy cartography data, as well as how to incorporate personal photo galleries into your maps. It even provides practical uses for GPS (Global Positioning System) devices--those touch-of-a-button street maps integrated into cars and mobile phones. Just imagine: If Captain Kidd had this technology, we'd all know where to find his buried treasure!

With all of these industrial-strength tips andtools, "Mapping Hacks" effectively takes the sting out of the digital mapmaking and navigational process. Now you can create your own maps for business, pleasure, or entertainment--without ever having to sharpen a single pencil....